A gentleman from the BBC e-mailed me regarding the "hidden" BBC syndication feeds I found last week. (That news I "broke" was blogged all over the place.) It turns out those feeds weren't intended for the public, won't be available for much longer, and weren't being updated anyway. Here's a snippet of the e-mail:
NewsOnline's public RSS service was only intended to include the following feeds
Your list includes a number which we had decided not to offer but had neglected to clean up properly from our website. None of these 'extra' feeds have been updated since Aug 22nd and we will be removing these from our website in the near future.
That's a pity; the extra feeds were great. But there's an interesting lesson here: Anything you put online, regardless of whether its URL is public, is fair game. Anybody can type a URL in and try to guess at patterns and conventions -- that's what I did with the BBC feeds. Site managers, save yourself some trouble and keep sensitive stuff to yourself in the first place.
I think this is something news sites in particular should bear in mind, knowing how common it is for sites to put advanced versions of stories online -- like Scripps Howard foolishly did with its Ronald Reagan obituary, which is still available via the WayBack Machine. In creating or testing anything that's not intended for public view, it's best to use a non-public server.